This invention relates generally to an imaginary computing system being executed by a computer system (a virtual machine) and in particular to a virtual machine that may have securely distributed bytecode verification.
A virtual machine (hereinafter xe2x80x9cVMxe2x80x9d) is an imaginary computing machine generated by a software application which is similar to a conventional hardware central processing unit (hereinafter xe2x80x9cCPUxe2x80x9d), but also has several technological differences. The CPU and the VM both may have an instruction set and may use various different memory areas that may be segmented in some manner. A conventional CPU, as is well known, executes its instructions directly using some electronic hardware logic circuitry located within the CPU. For example, an ADD instruction may be executed by a hardware arithmetic logic unit (ALU) within the CPU. The VM, which is a software implementation being executed by a processor, however, does not execute its sequence of instructions directly using hardware electronic logic circuitry, such as the ALU, but rather converts the sequence of instructions into hardware-specific instructions either through a xe2x80x9clast-minutexe2x80x9d batch translation process, known as xe2x80x9cjust-in-timexe2x80x9d compilation, or through a real-time interpretation process, known as interpretation. Due to the translation or interpretation, the programs or applications executed by the VM are platform-independent such that the hardware-specific instructions may be executed by any VM, regardless of the underlying operating system being used by the computer system containing the VM. For example, a VM system being executed on a Windows-based PC computer system will use the same instructions as a VM system being executed on a UNIX-based computer system.
The result of the platform-independent coding of a VM""s instruction sequence is a stream of one or more bytecodes. These bytecodes are one byte long numerical codes commonly used to represent VM instructions for coding efficiency and compactness. Many different VM system architectures are currently being used in the computer and software industries.
A common characteristic of many VM system architectures is that they contain a built-in bytecode verification system which ensures that the programs or applications that the VM is requested to execute are a sequence of valid combinations of bytecodes and will not result, once translated or interpreted, into faulty execution steps performed by the underlying physical processing unit that is executing the VM system. The faulty execution steps may create errors or illegal accesses to hardware resources. Bytecode verification is particularly important if the physical processing unit and computing architecture executing the VM system is very sensitive to execution errors. It is also particularly important for a VM system that may contain especially valuable data because people may attempt to deceive the VM system with false bytecode in order to obtain access to the valuable data. For example, when the VM system is hosted inside a personal computer or workstation with valuable user files, or when the VM system is inside a product dedicated to participating in financial transactions, such as containing electronic representations of money, it is especially necessary to have a bytecode verification process to prevent unauthorized access to or corruption of the electronic representations of money.
Bytecode verification may be a sophisticated multi-step process which greatly increases the memory required to store the VM system, which complicates the VM""s architecture, and which degrades the performance of the VM system. This is especially a problem when the VM is intended to operate within a small, low-cost, portable, yet security-sensitive product, such as a smart card, electronic wallet or other consumer product possibly involved in electronic money transactions. A smart card may be a credit-card sized plastic card with an embedded microcontroller chip that executes some software applications stored on the card, including a VM system, to perform some electronic money transactions, such as debiting the amount of money contained within the smart card. The microcontrollers in these smart cards typically have limited processing power. In addition, a limited amount of memory is available on these smart cards. Thus, a bytecode verification process is especially cumbersome in a smart card system.
Therefore, conventional smart cards that perform bytecode verification on the smart card have degraded processing performance and require a large amount of memory to store the VM system due to the complex bytecode verification process. It is desirable to produce a low-cost, security sensitive product with a VM system that does not diminish the overall level of execution security of the VM system, but significantly reduces the complexity of the bytecode verifier located within the VM system.
Thus, there is a need for a VM system with securely distributed bytecode verification which avoid these and other problems of known devices, and it is to this end that the present invention is directed.
The invention provides a virtual machine (VM) with securely distributed bytecode verification such that a portion of the bytecode verification occurs outside of the VM system which contributes to a reduction in the overall memory size of the VM and an increase in the overall processing speed of the VM. The invention operates in a bytecode-based file format being executed by a VM located inside of a low-cost silicon chip. The VM may contain a reduced bytecode verification system, while still guaranteeing that the bytecode loaded into the memory of the VM is always being executed with the same level of security as would be provided by a VM system with a complete bytecode verification process. In particular, the functionality of the bytecode verifier located inside a VM may be reduced by shifting a portion of its verification tasks to a remote securely distributed bytecode verifier. The securely distributed verification process, including the remote verifier and the verifier in the VM, retains the overall execution security that would be achieved if the entire verification processes was executed by the VM itself. The reduction of the bytecode verification within the VM also may the amount of data that must be downloaded to the VM since certain data normally used for bytecode verification is no longer needed.
The invention also provides a securely distributed bytecode verification process and system wherein a portion of the bytecode verification process is removed from the VM itself and moved to a remote front-end system located in a secure workstation. The bytecode verification within the remote system may be executed at, or prior to, loading of the bytecode into the VM. The part of the bytecode verification remaining inside the VM is executed when the bytecodes generated by the remote converter are executed within the VM. The remote bytecode verification in the remote system and bytecode verification in the VM are securely linked together through a software application executed within the VM which may determine and authenticate that bytecode currently being loaded into the VM was previously partially verified by the remote system. Thus, the bytecode verification may be distributed over two distinct, but complementary and securely linked computing environments. A particular embodiment of the VM with securely distributed bytecode verification may be a low-cost smart card that includes a VM located within the microcontroller embedded within the smart card.
In accordance with the invention, a system for executing a software application comprising a plurality of hardware independent bytecodes is provided comprising a computing system that generates bytecodes, a VM, remote to the computing system, that receives a plurality of bytecodes from said computing system, and executes said plurality of bytecodes, a system for testing said bytecodes against a set of predetermined criteria in which the testing is securely distributed between said VM and said computing system so that the bytecode verification completed by the computing system is authenticated by the VM prior to the execution of the bytecodes by said VM. A method for distributed bytecode verification is also provided.